<?php

// --------------------------------------------------------------------- //
// FLASH                                                                 //
// Delete a record V1.01 build 20020529                                  //
// --------------------------------------------------------------------- //
// IN: username                                                          //
// OUT: delete = "true" | "false", message                               //
// --------------------------------------------------------------------- //
// NOTES: - you may need to edit the $changelogFile variable to point to //
//          a directory with read/write access for PHP                   //
//        - the currently logged-in user cannot be deleted               //
//        - the username "admin" acts as a 'root' and can't be deleted   //
// --------------------------------------------------------------------- //


    // connection variables -----------------------------------------------
    $mysqlServer   = "66.226.14.61";
    $mysqlUser     = "timescape";
    $mysqlPassword = "ducati748";
    $mysqlDatabase = "timescape";
    $mysqlTable    = "german";

    $changelogFile = "./logs/changes.txt";
    $changelogSize = 1000;

    // generic error messages ---------------------------------------------
    $errorConnect     = 'Unable to connect to database server.';
    $errorConnectdb   = 'Unable to use the database.';
    $errorQuery       = 'Error while accessing the database. It may be corrupted.';
    $errorIdentity    = 'Error while establishing your identity.';

    $errorNoDelete    = 'Nothing to delete';
    $errorDelete      = 'Unable to delete';
    $errorDelYourself = 'You may not delete your own account';
    $errorDelAdmin    = 'This account cannot be deleted';

    $msgDelete        = 'Account deleted';

    // Append the Log File ------------------------------------------------
    function appendChangeLog($action)
    {
        global $changelogFile, $changelogSize, $inputUser, $HTTP_SERVER_VARS;
        $userIP    = $HTTP_SERVER_VARS['REMOTE_ADDR'];
        $timeStamp = date("Y-m-d,H:i:s");
        $logEntry  = "$userIP,$inputUser,$timeStamp,$action\r\n";

        if ((@file_exists($changelogFile)) && (@filesize($changelogFile)<$changelogSize))
            $fp = @fopen($changelogFile, "a");
        else
            $fp = @fopen($changelogFile, "w");
        if ($fp != false)
        {
            @flock($fp, LOCK_EX);
            @fwrite($fp, $logEntry);
            @fclose($fp);
        }
    }

    // retrieve session variables if they exist ---------------------------
    session_start();
    $inputUser  = isset($HTTP_SESSION_VARS['inputUser']) ? $HTTP_SESSION_VARS['inputUser'] : "";
    $inputPass  = isset($HTTP_SESSION_VARS['inputPass']) ? $HTTP_SESSION_VARS['inputPass'] : "";

    // MySQL query for verification ---------------------------------------
    $verifyAdminQuery = "SELECT
                         admin, active
                         FROM $mysqlTable
                         WHERE username='$inputUser' AND password='$inputPass'";

    // connect to database ------------------------------------------------
    $dblink = @mysql_connect($mysqlServer, $mysqlUser, $mysqlPassword);
    if ($dblink == false)
    {
        echo "&deleted=false&message=$errorConnect&";
        exit;
    }

    if (@mysql_select_db($mysqlDatabase) == false)
    {
        echo "&deleted=false&message=$errorConnectdb&";
        exit;
    }

    // verify that the logged-in user is administrator/active -------------
    $resultQuery = @mysql_query($verifyAdminQuery);
    if ($resultQuery == false)
    {
        echo "&deleted=false&message=$errorIdentity&";
        exit;
    }
    $numberOfUsers = mysql_num_rows($resultQuery);
    if ($numberOfUsers != 1)
    {
        echo "&deleted=false&message=$errorIdentity&";
        exit;
    }
    $security = mysql_fetch_array($resultQuery);
    if (($security['admin'] != 'Y') || ($security['active'] != 'Y'))
    {
        echo "&deleted=false&message=$errorIdentity&";
        exit;
    }

    // retrieve GET variables ---------------------------------------------

    if (!isset($HTTP_GET_VARS['username']))
    {
        echo "&deleted=false&message=$errorNoDelete&";
        exit;
    }
    elseif (($HTTP_GET_VARS['username']) == $inputUser)
    {
        echo "&deleted=false&message=$errorDelYourself&";
        exit;
    }
    elseif (($HTTP_GET_VARS['username']) == "admin")
    {
        echo "&deleted=false&message=$errorDelAdmin&";
        exit;
    }
    $username = $HTTP_GET_VARS['username'];

    // Execute Delete query -----------------------------------------------
    $deleteQuery = "DELETE
                    FROM $mysqlTable
                    WHERE username='$username'";
    $resultQuery = @mysql_query($deleteQuery);
    if (($resultQuery == false) || (mysql_affected_rows() != 1))
    {
        echo "&deleted=false&message=$errorDelete&";
        exit;
    }
    echo "&deleted=true&message=$msgDelete&";

    appendChangeLog("Deleted the user $username");
?>